Specify an error page for Identity Provider, SAML or SSO

You can specify an error page where users are redirected if Okta fails to process a social IdP login, inbound SAML assertion, or IWA SSO token. This part of configuring inbound SAML is optional.

Before you begin

Complete these tasks before you specify an error page:

Add a SAML Identity Provider

Add metadata for an Identity Provider

Start this task

  1. In the Admin Console, go to Security > Identity Providers.
  2. Click the gear icon next to the Add Identity Provider button
  3. Configure the following settings.
    • Use the default Okta error page: Users are redirected to the default Okta error page.
    • Use a custom error page: Users are redirected to the fully qualified URL of your custom error page. This option is useful if you embed Okta into your solution and you want to control end-to-end branding to enhance the end-user experience. The custom error page you specify applies to all IdP and IWA users in your organization.
  4. Click Save.


The custom error page setting does not apply to sign-in failures caused by an unknown user or a JIT failure. In these cases, users are redirected to their Okta sign-in page.